Numerous vulnerabilities have been identified in the Webkitgtk software package. It is an engine adapted for the GTK+ platform that enables browsers to render web pages. Some of the flaws are related to improper handling of large amounts of text in HTML documents, use of previously freed memory during text editing, or out-of-bounds memory access while parsing SVG documents. These flaws can allow attackers to carry out DoS attacks and harmful operations on memory. Users are advised to read the original advisory in detail and then upgrade.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0121
2011-01-04 20:16:14
--------------------------------------------------------------------------------

Name        : webkitgtk
Product     : Fedora 13
Version     : 1.2.6
Release     : 1.fc13
URL         : http://www.webkitgtk.org/
Summary     : GTK+ Web content engine library
Description :
WebKitGTK+ is the port of the portable web rendering engine WebKit to the
GTK+ platform.

--------------------------------------------------------------------------------
Update Information:

- New stable release, API and ABI compatible with previous 1.2.x versions
- Fixes crashes with newer libpng (>= 1.4)
- The patches to fix the following CVEs are included with help from Huzaifa
Sidhpurwala from the Red Hat security team

CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206
CVE-2010-1791 CVE-2010-3812 CVE-2010-3813 CVE-2010-4577
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan  4 2011 Huzaifa Sidhpurwala - 1.2.6-1
- Update to 1.2.6.
- Fixes CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206
- Fixes CVE-2010-1791 CVE-2010-3812 CVE-2010-3813
- Document fix for CVE-2010-3255 CVE-2010-3119
* Mon Oct  4 2010 Kevin Fenzi - 1.2.5-1
- Update to 1.2.5. 
- Fixes: CVE-2010-3113 CVE-2010-1814 CVE-2010-1812
- Fixes: CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114
- Fixes: CVE-2010-3116 CVE-2010-3257 CVE-2010-3259
* Wed Sep  8 2010 Kevin Fenzi - 1.2.4-1
- Update to 1.2.4 which fixes: 
- Fixes: CVE-2010-1780 CVE-2010-1782 CVE-2010-1784 CVE-2010-1785
- Fixes: CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790
- Fixes: CVE-2010-1792 CVE-2010-1793 CVE-2010-2648
- Update to 1.2.3 which fixes: 
- Fixes: CVE-2010-1386 CVE-2010-1392 CVE-2010-1405 CVE-2010-1407
- Fixes: CVE-2010-1416 CVE-2010-1417 CVE-2010-1665 CVE-2010-1418
- Fixes: CVE-2010-1421 CVE-2010-1422 CVE-2010-1501 CVE-2010-1767
- Fixes: CVE-2010-1664 CVE-2010-1758 CVE-2010-1759 CVE-2010-1760
- Fixes: CVE-2010-1761 CVE-2010-1762 CVE-2010-1770 CVE-2010-1771
- Fixes: CVE-2010-1772 CVE-2010-1773 CVE-2010-1774 CVE-2010-2264
- Fixes bugs: 606303 606304 615728 615729 631583
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #656118 - CVE-2010-4198 WebKit: Memory corruption due to improper
handling of large text area
        https://bugzilla.redhat.com/show_bug.cgi?id=656118
  [ 2 ] Bug #656115 - CVE-2010-4197 WebKit: Use-after-free vulnerability related
to text editing causes memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=656115
  [ 3 ] Bug #656129 - CVE-2010-4206 WebKit: Array index error during processing
of an SVG document
        https://bugzilla.redhat.com/show_bug.cgi?id=656129
  [ 4 ] Bug #667022 - CVE-2010-3812 webkit: Integer overflow in WebKit's
handling of Text objects
        https://bugzilla.redhat.com/show_bug.cgi?id=667022
  [ 5 ] Bug #667024 - CVE-2010-3813 webkit: HTMLLinkElement ignores
dnsPrefetchingEnabled setting
        https://bugzilla.redhat.com/show_bug.cgi?id=667024
  [ 6 ] Bug #667025 - CVE-2010-4577 webkit: CSS Font Face Parsing Type
Confusion Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=667025
  [ 7 ] Bug #656126 - CVE-2010-4204 WebKit: Use-after-free vulnerability
related frame object
        https://bugzilla.redhat.com/show_bug.cgi?id=656126
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update webkitgtk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
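
An added example, not part of the Fedora advisory: after running the update, one way to confirm which of the advisory's CVEs the installed package acknowledges is to search its RPM changelog. The function names `missing_cves` and `sample_changelog` are assumptions for illustration; the embedded sample is the 1.2.6-1 entry from the ChangeLog section above (maintainer e-mail omitted) so the check runs offline.

```shell
#!/bin/sh
# Added example: compare the CVE IDs named in the advisory's
# "Update Information" with those named in the package changelog.
# On an updated host, replace sample_changelog with:
#   rpm -q --changelog webkitgtk

# CVE IDs listed under "Update Information" in FEDORA-2011-0121.
ADVISORY_CVES="CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206 \
CVE-2010-1791 CVE-2010-3812 CVE-2010-3813 CVE-2010-4577"

# Sample input: the 1.2.6-1 changelog entry as printed in the advisory.
sample_changelog() {
cat <<'EOF'
* Tue Jan  4 2011 Huzaifa Sidhpurwala - 1.2.6-1
- Update to 1.2.6.
- Fixes CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206
- Fixes CVE-2010-1791 CVE-2010-3812 CVE-2010-3813
- Document fix for CVE-2010-3255 CVE-2010-3119
EOF
}

# Read a changelog on stdin and print every CVE ID from $1
# (space-separated list) that the changelog does not mention.
missing_cves() {
    changelog=$(cat)
    for cve in $1; do
        # -w: whole-word match, -F: fixed string, -q: exit status only
        printf '%s\n' "$changelog" | grep -qwF -- "$cve" \
            || printf '%s\n' "$cve"
    done
}

sample_changelog | missing_cves "$ADVISORY_CVES"
```

Run against the text above, it prints CVE-2010-4577, which the Update Information lists but the 1.2.6-1 changelog entry does not name. A missing ID means only that the changelog does not mention it, so follow up in the referenced Bugzilla entry.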
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
